BY ROLE

ThreatConnect for
Threat Intel Analysts

Threat Intel Analysts can now stay proactive with the ability to quickly prioritize threats and understand how they impact their organization. Automate tasks and easily access data so you can get this information to other team members and tools for faster decision making.

Threat Intel Analysts
Aggregate Intelligence
Determine IOC Relevancy
Operationalize Intelligence
Automate Any CyberSecurity Task
Turn Artifacts into Intel
Correlate Data Fast
Use Multiple Analysis Methodologies

Aggregate Intel to
Achieve Actionable Insights

Having disparate security tools and intelligence feeds prevents you from getting the most out of your technologies. Within ThreatConnect, Threat Intel Analysts can aggregate, deduplicate, and normalize intelligence from:

  • Premium and Open Source
    Intelligence feeds
  • Your favorite technology
    blogs and reports
  • Logs from your other
    security tools

Building and maintaining your Threat Library allows your CTI team to identify correlations and achieve actionable insights.

Determine IOC Relevancy to Your Organization

Map indicators relevant to your organization through ThreatConnect with features such as tagging and customizable attributes. ThreatConnect’s CAL™, our Collective Analytics Layer, will also accelerate the time to understanding what IOCs are relevant by crowdsourcing intelligence data such as identifying false positives and trends hitting specific verticals, for example.

Operationalize Threat Intelligence to Enhance
Detection, Prevention, and Response

Threat Intel Analysts operationalize intelligence by:

  • Enhancing your Detection and Prevention via powerful machine readable threat intelligence (MRTI) integrations. For example, quickly block a malicious IOC at your Endpoints the second it enters your network, automatically perform data enrichment via VirusTotal, or triage malware automatically with prebuilt Playbooks and Workflows.
  • Get relevant and actionable insights from intelligence sources within the ThreatConnect Platform. Then, take action by providing those insights to the necessary people and technologies via custom dashboards or reports.
  • During investigations, your SOC team can uncover new intelligence that can continue growing your threat library. Threat intel can guide security operations toward better decisions, and security operations serve as the source of valuable new intelligence.

Automate Nearly Any Cybersecurity Task

Send relevant and actionable insights to other tools with our wide breadth of integrations and flexible Playbooks. Using Triggers, Playbooks pass data to apps that perform a variety of functions, including data enrichment, malware analysis, and blocking actions. Manual and time-consuming tasks are reduced from hours to seconds, all while ensuring consistency across your processes.

Gather Artifacts from
Internal Cases and
Incidents to Turn into Intel

By encouraging information-sharing across your security teams, you’ll establish a feedback loop that allows for increased threat intelligence insight and relevance to your organization. ThreatConnect fosters this culture through supporting various integration mechanisms like a flexible REST API, easy import of even unstructured data, and an easy-to-use playbooks interface.

Correlate Data to Understand
Relationships Between Indicators

Correlating data to understand relationships between indicators is critical for threat intel analysts. With Graph View, easily pivot from one indicator to another to quickly understand relational information and build a fuller picture of things like specific threat actors or vulnerabilities.

Flexible Data Model
to Support Multiple
Analysis Methodologies

Whether you use the Diamond Model of Intrusion Analysis, Lockheed Martin’s Cyber Kill Chain, MITRE ATT&CK, or something entirely different, ThreatConnect will support you. You’re able to pivot between indicators and groups to spot patterns and tag indicators with categories like Kill Chain Stages for easy organization and analysis.